  #1 (permalink)  
Old 07-17-2008, 06:54 PM
Active Member
 
Posts: 49
Could use some advice: Re: Relay setup

Greetings,

I'm a network edition customer, and have a theoretical question regarding email server setups. I'm looking for some knowledge as to the best way to set things up in this scenario. Hoping someone on the forums can help me or at least get me headed in the right direction.

I have two servers set up as such (names and IPs changed to protect the innocent).

Both have public IP addresses. No NAT needed or in the mix. I have complete control of the DNS for these servers.

mail2.foo.com and public IP 1.2.3.4 (production email)
mail.foo.com and public 4.5.6.7 (relay server)

mail.foo.com is being used to relay mail for a select set of our customer base to the outside world. We require authorization, and set up a unique user for them to use for relay. In the "outgoing server" settings in their email clients (outlook, IE, tbird, etc), they enter "mail.foo.com" and also enter the auth settings. All works just fine.

mail2.foo.com is the production server for our organization, and handles all mail (pop, imap, smtp on port 587 with auth). All works just fine.


The problem is this: If a relay customer - whose outgoing server settings are set to mail.foo.com - sends an email to my domain email address - mailuser@foo.com for example - the message is bounced back to the sender.

This is because the mailuser@foo.com user account does not exist on the relay server, so it is bounced back to the sender. The mail user account exists on mail2.foo.com.

Are there any suggestions out there that would help me solve this dilemma?

One that comes to mind.

I could relay from my production server, but I don't want to take up the user seats for relay customers.

To solve this, I could open relay for the customer's unique IP addresses, thus not needing auth, but we would like to have auth in place due to spamming concerns.

Perhaps I could forward all messages received to the relay server with auth on to the production server using the Relay MTA for external delivery? Thoughts?

Thank you in advance for any enlightenment.

-Dave
__________________
- dmrdave
  #2 (permalink)  
Old 07-18-2008, 01:35 AM
Moderator
 
Posts: 5,806

What MTA are you using on your relay server? If you are using Postfix you could either 1) perform a direct LDAP lookup on your Production server for the recipient and then relay the email to your Production server, 2) extract the list of users from your Production server using zmprov and then generate a transport file, or 3) relay through anything destined for the domain handled by your Production server.

If you're using Exim have a read of Exporting all addresses - Zimbra :: Wiki.
__________________
SplatNIX IT Services :: Innovation through Collaboration™


http://www.messagefortress.com

Last edited by uxbod : 07-18-2008 at 01:54 AM.
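
Option 2 from the reply above, sketched as an added example that is not part of the original post or of Zimbra: it turns a one-address-per-line account listing (the shape of a zmprov account export) into Postfix `relay_recipient_maps` and `transport_maps` entries, so the relay rejects unknown foo.com recipients at SMTP time and forwards the rest to mail2.foo.com. The sample listing is constructed, and the `spam.`/`ham.` prefixes skipped as system accounts are an assumption.

```python
import re

# Conservative address check: rejects whitespace and other characters that
# would corrupt a line of a Postfix lookup table.
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")

def build_maps(listing, domain, next_hop, skip_prefixes=("spam.", "ham.")):
    """Return (relay_recipient_lines, transport_lines, rejected_entries)."""
    domain = domain.lower()
    seen, rejected = set(), []
    for raw in listing.splitlines():
        addr = raw.strip().lower()
        if not addr or addr.startswith("#"):
            continue
        # Only well-formed addresses in the relayed domain may be listed.
        if not ADDR_RE.match(addr) or not addr.endswith("@" + domain):
            rejected.append(raw.strip())
            continue
        if addr.startswith(skip_prefixes):  # assumed system accounts
            continue
        seen.add(addr)
    # relay_recipient_maps: anything not listed is refused during SMTP,
    # instead of being accepted and bounced later.
    recipients = [f"{a} OK" for a in sorted(seen)]
    # transport_maps: brackets disable the MX lookup so mail for the domain
    # always goes to the production host.
    transport = [f"{domain} smtp:[{next_hop}]:25"]
    return recipients, transport, rejected

# Constructed sample input, one address per line.
SAMPLE = """\
mailuser@foo.com
Admin@foo.com
spam.x1y2z3@foo.com
mailuser@foo.com
someone@other.example
bad entry@foo.com
"""

if __name__ == "__main__":
    rcpt, trans, bad = build_maps(SAMPLE, "foo.com", "mail2.foo.com")
    print("# relay_recipient_maps\n" + "\n".join(rcpt))
    print("# transport_maps\n" + "\n".join(trans))
    print("# rejected input:", bad)
```

On the relay, the generated files would be compiled with `postmap` and referenced from `relay_recipient_maps` and `transport_maps`, with foo.com listed in `relay_domains`.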
  #3 (permalink)  
Old 07-18-2008, 09:28 AM
Active Member
 
Posts: 49

Hey, thanks for the response. I really appreciate the ideas and will investigate. FYI, my production box is NE 5.0.8 (ubuntu 6.06) and my relay server is FOSS 4.5.9 (SUSE 9), but I plan to upgrade it to FOSS 5.0.8 (Ubuntu) and use it for relay services. Hence my post looking for suggestions. Thank you again.
__________________
- dmrdave
  #4 (permalink)  
Old 07-18-2008, 10:05 PM
Trained Alumni
 
Posts: 23

What would happen if mail2.foo.com used mail.foo.com as an outbound MTA? Then mail to foo.com would be captured and mail not to foo.com would be sent on its merry way. Wouldn't it?

I use Postini as an inbound and outbound MTA on my single server and it works great.

In the WebAdmin interface choose Servers>mail2.foo.com>MTA. Look for "Relay MTA for external delivery" and point that to mail.foo.com. Choose Servers>mail.foo.com>MTA. Look for "MTA Trusted Networks". Put the IP of mail2.foo.bar in it, along with the other IPs that should also be there.

If my thinking is correct then your mail should flow. It's not quite the same as what I've done, so your mileage may vary. Good luck.